<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>pyftpdlib Release Notes</title>
</head>

<body>
<div id="wikicontent">
  <h1><a name="Version:_0.5.0_-_Date:_2008-09-20" id="Version:_0.5.0_-_Date:_2008-09-20">Version: 0.5.0 - Date: 2008-09-20</a></h1>
  <h2><a name="Major_enhancements" id="Major_enhancements">Major enhancements</a></h2>
  <ul>
    <li><a title="Implement idle-timeouts" href="http://code.google.com/p/pyftpdlib/issues/detail?id=72">Issue #72</a>: pyftpdlib now provides configurable idle timeouts to disconnect client after a long time of inactivity. </li>
    <li><a title="pyftpdlib should impose a delay before replying for invalid credentials" href="http://code.google.com/p/pyftpdlib/issues/detail?id=73">Issue #73</a>: impose a delay before replying for invalid credentials to minimize the risk of brute force password guessing. </li>
    <li><a title="Implement permissions overriding" href="http://code.google.com/p/pyftpdlib/issues/detail?id=74">Issue #74</a>:  it is now possible to define permission exceptions for certain  directories (e.g. creating a user which does not have write permission  except for one sub-directory in FTP root). </li>
    <li>Improved bandwidth throttling capabilities of <a href="http://code.google.com/p/pyftpdlib/source/browse/tags/release-0.5.0/demo/throttled_ftpd.py" rel="nofollow">demo/throttled_ftpd.py</a> script by having used the new CallLater class which drastically reduces the number of calls to time.time(). </li>
  </ul>
  <h2><a name="Bugfixes" id="Bugfixes">Bugfixes</a></h2>
  <ul>
    <li><a title="Some unit tests failing on dual core machines" href="http://code.google.com/p/pyftpdlib/issues/detail?id=62">Issue #62</a>: some unit tests were failing on dual core machines. </li>
    <li><a title="Socket handles are leaked when a data transfer is in progress and user QUITs" href="http://code.google.com/p/pyftpdlib/issues/detail?id=71">Issue #71</a>: socket handles are leaked when a data transfer is in progress and user QUITs. </li>
    <li><a title="Orphaned file is left behind in case STOU fails for insufficient user permissions" href="http://code.google.com/p/pyftpdlib/issues/detail?id=75">Issue #75</a>: orphaned file was left behind in case STOU failed for insufficient user permissions. </li>
    <li><a title="Incorrect OOB data management on FreeBSD" href="http://code.google.com/p/pyftpdlib/issues/detail?id=77">Issue #77</a>: incorrect OOB data management on FreeBSD. </li>
  </ul>
  <h2><a name="API_changes_since_0.4.0" id="API_changes_since_0.4.0">API changes since 0.4.0</a></h2>
  <ul>
    <li><a name="API_changes_since_0.4.0" id="API_changes_since_0.4.0">FTPHandler, DTPHandler, PassiveDTP and ActiveDTP classes gained a new timeout class attribute. </a></li>
    <li><a name="API_changes_since_0.4.0" id="API_changes_since_0.4.0">DummyAuthorizer class gained a new override_perm method. </a></li>
    <li><a name="API_changes_since_0.4.0" id="API_changes_since_0.4.0">A new class called CallLater has been added. </a></li>
    <li><a name="API_changes_since_0.4.0" id="API_changes_since_0.4.0">AbstractedFS.get_stat_dir method has been removed. </a></li>
  </ul>
  <h2><a name="Migration_notes" id="Migration_notes">Migration notes</a></h2>
  <p><a name="Migration_notes" id="Migration_notes">Changes  applied to the 0.5.0 trunk should be fully compatible with the previous  0.4.0 version. Your existing 0.4.0 based code will most likely work  without need to be modified. The new features in this release are  detailed below. </a></p>
  <h3><a name="Idle_timeouts_and_new_class" id="Idle_timeouts_and_new_class">Idle timeouts and new CallLater</a> class</h3>
  <p>The  previous version suffered the problem of not having a mechanism to  disconnect clients after a long time of inactivity. This posed the risk  for the FTP server to be easily vulnerable to DoS attacks in which a  lot of connected clients could clump system's resources and sockets. </p>
  <p>0.5.0  version solved this problem by implementing a brand new polling loop  which, other than serving the connected clients, also checks if it is  the proper time for scheduled functions to be called (if any). Thanks  to the new loop and the new CallLater class implementing <a href="http://code.google.com/p/pyftpdlib/issues/detail?id=72" rel="nofollow">timeouts</a> and <a href="http://code.google.com/p/pyftpdlib/issues/detail?id=73" rel="nofollow">delays to invalid credential replies</a> have been possible. </p>
  <p>FTPHandler class gained a new timeout attribute defaulting to 300 seconds which is the maximum time of inactivity a remote client may spend before being disconnected. </p>
  <p>Also DTPHandler class gained a new timeout attribute defaulting to 300 seconds which roughly is the maximum time the data transfers can stall for with no progress. </p>
  <h3><a name="Permission_exceptions" id="Permission_exceptions">Permission exceptions</a></h3>
  <p><a name="Permission_exceptions" id="Permission_exceptions">The DummyAuthorizer  now gives the possibility to define permission exceptions for  directories. For example, if you want to create a user which does not  have write permission except for one sub-directory in FTP root, you can  now do as follows: </a></p>
  <pre><a name="Permission_exceptions" id="Permission_exceptions">&gt;&gt;&gt; from pyftpdlib import ftpserver<br />&gt;&gt;&gt; authorizer = ftpserver.DummyAuthorizer()<br />&gt;&gt;&gt; authorizer.add_user('user', 'password', '/home/ftp', perm='elr')<br />&gt;&gt;&gt; authorizer.override_perm('user', '/home/ftp/pub', 'elradfmw', recursive=True)</a>


</pre>
</div>
</body>
</html>
